openssl/crypto/err
Dr. David von Oheimb 19f97fe6f1 HTTP: Implement persistent connections (keep-alive)
Both at API and at CLI level (for the CMP app only, so far)
there is a new parameter/option: keep_alive.
* 0 means HTTP connections are not kept open after
receiving a response, which is the default behavior for HTTP 1.0.
* 1 means that persistent connections are requested.
* 2 means that persistent connections are required, i.e.,
in case the server does not grant them an error occurs.

For the CMP app the default value is 1, which means preferring to keep
the connection open. For all other internal uses of the HTTP client
(fetching an OCSP response, a cert, or a CRL) it does not matter
because these operations just take one round trip.

If the client application requested or required a persistent connection
and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX *
as long as it wants to send further requests and OSSL_HTTP_is_alive()
returns nonzero,
else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close().
In case the client application keeps the OSSL_HTTP_REQ_CTX *
but the connection then dies for any reason at the server side, it will
notice this obtaining an I/O error when trying to send the next request.

This requires extending the HTTP header parsing and
rearranging the high-level HTTP client API. In particular:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(),
  OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
* Extend struct ossl_http_req_ctx_st accordingly.

Use the new feature for the CMP client, which requires extending
related transaction management of CMP client and test server.

Update the documentation and extend the tests accordingly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)
2021-05-14 19:24:42 +02:00
..
build.info
err_all_legacy.c Fix no-err 2020-12-08 16:10:17 +00:00
err_all.c Update copyright year 2021-02-18 15:05:17 +00:00
err_blocks.c Update copyright year 2021-04-08 13:04:41 +01:00
err_local.h rename err_get_state_int() to ossl_err_get_state_int() 2021-03-18 17:52:38 +10:00
err_prn.c Update copyright year 2021-04-08 13:04:41 +01:00
err.c rename err_get_state_int() to ossl_err_get_state_int() 2021-03-18 17:52:38 +10:00
openssl.ec Rename internal providercommonerr.h to less mouthful proverr.h 2021-02-11 09:34:31 +01:00
openssl.txt HTTP: Implement persistent connections (keep-alive) 2021-05-14 19:24:42 +02:00
README.md

Adding new libraries

When adding a new sub-library to OpenSSL, assign it a library number ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its name to ERR_str_libraries[] (in crypto/err/err.c), and add ERR_load_XXX_strings() to the ERR_load_crypto_strings() function (in crypto/err/err_all.c). Finally, add an entry:

L      XXX     xxx.h   xxx_err.c

to crypto/err/openssl.ec, and add xxx_err.c to the Makefile. Running make errors will then generate a file xxx_err.c, and add all error codes used in the library to xxx.h.

Additionally the library include file must have a certain form. Typically it will initially look like this:

#ifndef HEADER_XXX_H
#define HEADER_XXX_H

#ifdef __cplusplus
extern "C" {
#endif

/* Include files */

#include <openssl/bio.h>
#include <openssl/x509.h>

/* Macros, structures and function prototypes */


/* BEGIN ERROR CODES */

The BEGIN ERROR CODES sequence is used by the error code generation script as the point to place new error codes, any text after this point will be overwritten when make errors is run. The closing #endif etc will be automatically added by the script.

The generated C error code file xxx_err.c will load the header files stdio.h, openssl/err.h and openssl/xxx.h so the header file must load any additional header files containing any definitions it uses.